
Computer vulnerabilities of SLES

computer vulnerability alert CVE-2015-2783 CVE-2015-3329 CVE-2015-3330

PHP 5.5: nine vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PHP 5.5.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, MBS, Solaris, PHP, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 17/04/2015.
Revision date: 17/04/2015.
Identifiers: 69152, 69218, 69227, 69316, 69324, 69337, 69353, 69441, bulletinjul2015, c04686230, CERTFR-2015-AVI-187, CVE-2015-2783, CVE-2015-3329, CVE-2015-3330, CVE-2015-3411, CVE-2015-3412, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603, DSA-3280-1, FEDORA-2015-6399, HPSBUX03337, MDVSA-2015:209, RHSA-2015:1135-01, RHSA-2015:1186-01, RHSA-2015:1218-01, SOL17028, SOL17061, SSRT102066, SUSE-SU-2015:0868-1, SUSE-SU-2015:1253-1, SUSE-SU-2015:1253-2, SUSE-SU-2016:1638-1, USN-2572-1, USN-2658-1, VIGILANCE-VUL-16646.

Description of the vulnerability

Several vulnerabilities were announced in PHP 5.5.

An attacker can use apache2handler, in order to execute code. [severity:3/4; 69218, CVE-2015-3330]

An attacker can use a type error in exception::getTraceAsString, in order to obtain sensitive information. [severity:2/4; 69152, CVE-2015-4599]

An attacker can generate a memory corruption in php_stream_url_wrap_http_ex, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 69337]

An attacker can use the null character, in order to access other files. [severity:2/4; 69353, CVE-2015-3411, CVE-2015-3412]

An attacker can force the usage of a freed memory area in php_curl, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 69316]

An attacker can force a read at an invalid address in Phar, in order to trigger a denial of service. [severity:2/4; 69324, CVE-2015-2783]

An attacker can generate a buffer overflow in phar_set_inode, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 69441, CVE-2015-3329]

An attacker can force the usage of a freed memory area in zval_scan, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 69227]

An attacker can use a type error in SoapFault unserialize(), in order to obtain sensitive information. [severity:2/4; CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603]

computer vulnerability CVE-2015-2301 CVE-2015-2783 CVE-2015-3329

PHP 5.4: eleven vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PHP 5.4.
Impacted products: Debian, BIG-IP Hardware, TMOS, HP-UX, openSUSE, Solaris, PHP, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 17/04/2015.
Revision date: 17/04/2015.
Identifiers: 66550, 68901, 69152, 69218, 69316, 69324, 69337, 69353, 69441, bulletinjul2015, c04686230, CERTFR-2015-AVI-187, CVE-2015-2301, CVE-2015-2783, CVE-2015-3329, CVE-2015-3330, CVE-2015-3411, CVE-2015-3412, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603, DSA-3280-1, HPSBUX03337, openSUSE-SU-2015:0855-1, openSUSE-SU-2015:1197-1, RHSA-2015:1053-01, RHSA-2015:1066-01, RHSA-2015:1135-01, RHSA-2015:1218-01, SOL17028, SOL17061, SSA:2015-111-10, SSRT102066, SUSE-SU-2015:0868-1, SUSE-SU-2015:1265-1, SUSE-SU-2016:1638-1, USN-2572-1, VIGILANCE-VUL-16645.

Description of the vulnerability

Several vulnerabilities were announced in PHP 5.4.

An attacker can use apache2handler, in order to execute code. [severity:3/4; 69218, CVE-2015-3330]

An attacker can use a type error in exception::getTraceAsString, in order to obtain sensitive information. [severity:2/4; 69152, CVE-2015-4599]

An attacker can generate a memory corruption in php_stream_url_wrap_http_ex, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 69337]

An attacker can use the null character, in order to access other files. [severity:2/4; 69353, CVE-2015-3411, CVE-2015-3412]

An attacker can force the usage of a freed memory area in php_curl, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 69316]

An attacker can force the usage of a freed memory area in phar_object.c, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 68901, CVE-2015-2301]

An attacker can force a read at an invalid address in Phar, in order to trigger a denial of service. [severity:2/4; 69324, CVE-2015-2783]

An attacker can generate a buffer overflow in phar_set_inode, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 69441, CVE-2015-3329]

An attacker can generate a memory corruption in SoapFault unserialize(), in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 69152]

An attacker can force the usage of a freed memory area in SQLite, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 66550]

An attacker can use a type error in SoapFault unserialize(), in order to obtain sensitive information. [severity:2/4; CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603]

computer vulnerability note CVE-2015-3331

Linux kernel: denial of service via GCM

Synthesis of the vulnerability

An attacker can make the Linux kernel decrypt data with algorithm AES-GCM, in order to trigger a denial of service and perhaps run code with kernel privileges.
Impacted products: Debian, Linux, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 15/04/2015.
Revision date: 16/04/2015.
Identifiers: CERTFR-2015-AVI-236, CERTFR-2015-AVI-243, CERTFR-2015-AVI-254, CVE-2015-3331, DSA-3237-1, RHSA-2015:0981-01, RHSA-2015:0987-01, RHSA-2015:0989-01, RHSA-2015:1081-01, RHSA-2015:1199-01, SUSE-SU-2015:1071-1, SUSE-SU-2015:1376-1, SUSE-SU-2015:1478-1, USN-2613-1, USN-2614-1, USN-2615-1, USN-2616-1, USN-2631-1, USN-2632-1, VIGILANCE-VUL-16619.

Description of the vulnerability

The Linux kernel includes an implementation of some cryptographic algorithms, notably used by IPsec.

The set of supported algorithms includes AES in GCM mode, which adds authentication of the sender to the encryption. Recent Intel processors have instructions dedicated to a fast software implementation of AES. However, the kernel module that uses them, "aesni-intel", and specifically the routine "__driver_rfc4106_decrypt" defined in the file "arch/x86/crypto/aesni-intel_glue.c", does not correctly compute the size of the decrypted text. Decryption therefore leads to a memory corruption in the caller (another kernel module), and possibly to code injection.

An attacker can make the Linux kernel decrypt data with algorithm AES-GCM, in order to trigger a denial of service and perhaps to run code with kernel privileges.

vulnerability announce CVE-2015-0240

Samba: use after free via NetLogon

Synthesis of the vulnerability

An unauthenticated attacker can force the usage of a freed memory area in NetLogon of Samba, in order to trigger a denial of service, and possibly to execute code with root privileges.
Impacted products: Debian, Fedora, HP-UX, MBS, OES, openSUSE, Solaris, RHEL, Samba, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu.
Severity: 3/4.
Creation date: 23/02/2015.
Revision date: 15/04/2015.
Identifiers: 7014420, bulletinjan2015, c04636672, CERTFR-2015-AVI-078, CVE-2015-0240, DSA-3171-1, FEDORA-2015-2519, FEDORA-2015-2538, HPSBUX03320, MDVSA-2015:081, MDVSA-2015:082, MDVSA-2015:083, openSUSE-SU-2015:0375-1, openSUSE-SU-2016:1064-1, openSUSE-SU-2016:1106-1, openSUSE-SU-2016:1107-1, openSUSE-SU-2016:1108-1, openSUSE-SU-2016:1440-1, RHSA-2015:0249-01, RHSA-2015:0250-01, RHSA-2015:0251-01, RHSA-2015:0252-01, RHSA-2015:0253-01, RHSA-2015:0254-01, RHSA-2015:0255-01, RHSA-2015:0256-01, RHSA-2015:0257-01, SSA:2015-064-01, SSRT101952, SUSE-SU-2015:0353-1, SUSE-SU-2015:0371-1, SUSE-SU-2015:0386-1, USN-2508-1, VIGILANCE-VUL-16242.

Description of the vulnerability

The Samba product implements the NetLogon service.

An unauthenticated attacker (NULL session over IPC) can use the RPC ServerPasswordSet() of NetLogon. However, the _netr_ServerPasswordSet() function frees a memory area before reusing it.

An unauthenticated attacker can therefore force the usage of a freed memory area in NetLogon of Samba, in order to trigger a denial of service, and possibly to execute code with root privileges.

computer vulnerability bulletin CVE-2015-3332

Debian, Ubuntu: denial of service via TCP Fast Open

Synthesis of the vulnerability

A local attacker can use TCP Fast Open with the Linux kernel from Debian/Ubuntu, in order to trigger a denial of service.
Impacted products: Debian, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 15/04/2015.
Identifiers: 782515, CERTFR-2015-AVI-236, CERTFR-2015-AVI-237, CVE-2015-3332, DSA-3237-1, SUSE-SU-2015:1071-1, USN-2615-1, USN-2616-1, USN-2619-1, USN-2620-1, VIGILANCE-VUL-16618.

Description of the vulnerability

The Linux kernel used in Debian/Ubuntu includes backports of fixes from more recent upstream versions.

Some fixes for the handling of TCP Fast Open (which opens TCP connections with only one exchange) were not fully backported. In such a kernel, when a process opens a TCP socket in fast open mode, some TCP data from the TCP packet is not saved. This leads to an inconsistency in the connection state, and then to a kernel panic when the inconsistency is noticed at process context switching time.

A local attacker can therefore use TCP Fast Open with the Linux kernel from Debian/Ubuntu, in order to trigger a denial of service.

vulnerability note CVE-2014-0112 CVE-2014-3569 CVE-2014-7809

Oracle MySQL: several vulnerabilities of April 2015

Synthesis of the vulnerability

Several vulnerabilities of Oracle MySQL were announced in April 2015.
Impacted products: Debian, Junos Space, MBS, MySQL Community, MySQL Enterprise, openSUSE, Solaris, Percona Server, XtraDB Cluster, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 15/04/2015.
Identifiers: bulletinapr2016, bulletinoct2015, CERTFR-2015-AVI-173, CERTFR-2015-AVI-431, cpuapr2015, CVE-2014-0112, CVE-2014-3569, CVE-2014-7809, CVE-2015-0405, CVE-2015-0423, CVE-2015-0433, CVE-2015-0438, CVE-2015-0439, CVE-2015-0441, CVE-2015-0498, CVE-2015-0499, CVE-2015-0500, CVE-2015-0501, CVE-2015-0503, CVE-2015-0505, CVE-2015-0506, CVE-2015-0507, CVE-2015-0508, CVE-2015-0511, CVE-2015-2566, CVE-2015-2567, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2575, CVE-2015-2576, DLA-526-1, DSA-3229-1, DSA-3311-1, DSA-3621-1, JSA10698, MDVSA-2015:227, openSUSE-SU-2015:0967-1, openSUSE-SU-2015:1216-1, RHSA-2015:1628-01, RHSA-2015:1629-01, RHSA-2015:1647-01, RHSA-2015:1665-01, SSA:2015-132-01, SSA:2015-132-02, SUSE-SU-2015:0946-1, SUSE-SU-2015:1273-1, USN-2575-1, VIGILANCE-VUL-16614.

Description of the vulnerability

Several vulnerabilities were announced in Oracle MySQL.

An attacker can use a vulnerability of Service Manager, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0112]

An attacker can use a vulnerability of Service Manager, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-7809]

An attacker can use a vulnerability of Server : Compiling, in order to trigger a denial of service. [severity:2/4; CVE-2015-0501]

An attacker can use a vulnerability of Server : Security : Encryption, in order to trigger a denial of service. [severity:2/4; CVE-2014-3569]

An attacker can use a vulnerability of Server : Security : Privileges, in order to trigger a denial of service. [severity:2/4; CVE-2015-2568]

An attacker can use a vulnerability of Connector/J, in order to obtain or alter information. [severity:2/4; CVE-2015-2575]

An attacker can use a vulnerability of Server : DDL, in order to trigger a denial of service. [severity:2/4; CVE-2015-2573]

An attacker can use a vulnerability of Server : Information Schema, in order to trigger a denial of service. [severity:2/4; CVE-2015-0500]

An attacker can use a vulnerability of Server : InnoDB, in order to trigger a denial of service. [severity:2/4; CVE-2015-0439]

An attacker can use a vulnerability of Server : InnoDB, in order to trigger a denial of service. [severity:2/4; CVE-2015-0508]

An attacker can use a vulnerability of Server : InnoDB : DML, in order to trigger a denial of service. [severity:2/4; CVE-2015-0433]

An attacker can use a vulnerability of Server : Optimizer, in order to trigger a denial of service. [severity:2/4; CVE-2015-0423]

An attacker can use a vulnerability of Server : Optimizer, in order to trigger a denial of service. [severity:2/4; CVE-2015-2571]

An attacker can use a vulnerability of Server : Partition, in order to trigger a denial of service. [severity:2/4; CVE-2015-0438]

An attacker can use a vulnerability of Server : Partition, in order to trigger a denial of service. [severity:2/4; CVE-2015-0503]

An attacker can use a vulnerability of Server : Security : Encryption, in order to trigger a denial of service. [severity:2/4; CVE-2015-0441]

An attacker can use a vulnerability of Server : XA, in order to trigger a denial of service. [severity:2/4; CVE-2015-0405]

An attacker can use a vulnerability of Server : DDL, in order to trigger a denial of service. [severity:2/4; CVE-2015-0505]

An attacker can use a vulnerability of Server : Federated, in order to trigger a denial of service. [severity:2/4; CVE-2015-0499]

An attacker can use a vulnerability of Server : InnoDB, in order to trigger a denial of service. [severity:2/4; CVE-2015-0506]

An attacker can use a vulnerability of Server : Memcached, in order to trigger a denial of service. [severity:2/4; CVE-2015-0507]

An attacker can use a vulnerability of Server : Security : Privileges, in order to trigger a denial of service. [severity:2/4; CVE-2015-2567]

An attacker can use a vulnerability of Server : DML, in order to trigger a denial of service. [severity:1/4; CVE-2015-2566]

An attacker can use a vulnerability of Server : SP, in order to trigger a denial of service. [severity:2/4; CVE-2015-0511]

An attacker can use a vulnerability of Installation, in order to alter information. [severity:1/4; CVE-2015-2576]

An attacker can use a vulnerability of Server : Replication, in order to trigger a denial of service. [severity:1/4; CVE-2015-0498]

computer vulnerability announce CVE-2015-0204 CVE-2015-0458 CVE-2015-0459

Oracle Java: several vulnerabilities of April 2015

Synthesis of the vulnerability

Several vulnerabilities of Oracle Java were announced in April 2015.
Impacted products: DCFM Enterprise, Brocade Network Advisor, Brocade vTM, Debian, Avamar, ECC, Fedora, AIX, IRAD, Security Directory Server, SPSS Modeler, Tivoli Storage Manager, Tivoli System Automation, Tivoli Workload Scheduler, WebSphere AS, WebSphere MQ, Domino, Notes, MBS, ePO, Java OpenJDK, openSUSE, Java Oracle, JavaFX, Puppet, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 15/04/2015.
Identifiers: 1902260, 1903541, 1903704, 1958902, 1960194, 1964236, 1966551, 1967498, 1968485, 205086, 206954, 7045736, BSA-2015-009, CERTFR-2015-AVI-172, cpuapr2015, CVE-2015-0204, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469, CVE-2015-0470, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0484, CVE-2015-0486, CVE-2015-0488, CVE-2015-0491, CVE-2015-0492, DSA-3234-1, DSA-3235-1, DSA-3316-1, ESA-2015-085, ESA-2015-134, FEDORA-2015-6357, FEDORA-2015-6369, FEDORA-2015-6397, FREAK, MDVSA-2015:212, openSUSE-SU-2015:0773-1, openSUSE-SU-2015:0774-1, RHSA-2015:0806-01, RHSA-2015:0807-01, RHSA-2015:0808-01, RHSA-2015:0809-01, RHSA-2015:0854-01, RHSA-2015:0857-01, RHSA-2015:0858-01, RHSA-2015:1006-01, RHSA-2015:1007-01, RHSA-2015:1020-01, RHSA-2015:1021-01, RHSA-2015:1091-01, SB10119, SUSE-SU-2015:0833-1, SUSE-SU-2015:1085-1, SUSE-SU-2015:1086-1, SUSE-SU-2015:1086-2, SUSE-SU-2015:1086-3, SUSE-SU-2015:1086-4, SUSE-SU-2015:1138-1, SUSE-SU-2015:1161-1, SUSE-SU-2015:2166-1, SUSE-SU-2015:2168-1, SUSE-SU-2015:2168-2, SUSE-SU-2015:2182-1, SUSE-SU-2015:2192-1, SUSE-SU-2015:2216-1, USN-2573-1, USN-2574-1, VIGILANCE-VUL-16607, VU#243585.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Java.

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0469]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0459]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0491]

An attacker can use a vulnerability of Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0460]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0492]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0458]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0484]

An attacker can use a vulnerability of Tools, in order to alter information, or to trigger a denial of service. [severity:2/4; CVE-2015-0480]

An attacker can use a vulnerability of Deployment, in order to obtain information. [severity:2/4; CVE-2015-0486]

An attacker can use a vulnerability of JSSE, in order to trigger a denial of service. [severity:2/4; CVE-2015-0488]

An attacker can use a vulnerability of Beans, in order to alter information. [severity:2/4; CVE-2015-0477]

An attacker can use a vulnerability of Hotspot, in order to alter information. [severity:2/4; CVE-2015-0470]

An attacker can use a vulnerability of JCE, in order to obtain information (VIGILANCE-VUL-17836). [severity:2/4; CVE-2015-0478]

An attacker, located as a Man-in-the-Middle, can force the Chrome, JSSE, LibReSSL, Mono or OpenSSL client to accept a weak export algorithm, in order to more easily capture or alter exchanged data (VIGILANCE-VUL-16301). [severity:2/4; CVE-2015-0204, FREAK, VU#243585]

computer vulnerability bulletin CVE-2015-3405

NTP.org: predictability of ntp-keygen

Synthesis of the vulnerability

An attacker can predict some keys generated by ntp-keygen of NTP.org, in order to access resources protected by these keys.
Impacted products: Debian, Meinberg NTP Server, NTP.org, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 09/04/2015.
Identifiers: 2797, bulletinapr2015, CVE-2015-3405, DSA-3388-1, RHSA-2015:1459-01, RHSA-2015:2231-04, SUSE-SU-2015:1173-1, VIGILANCE-VUL-16568.

Description of the vulnerability

The NTP.org product provides the ntp-keygen tool to generate cryptographic keys.

However, if the intermediate result of the gen_md5() function is between 0x20 and 0x7f (except 0x23), then the value is repeated 20 times. The generated key is then highly predictable.

An attacker can therefore predict some keys generated by ntp-keygen of NTP.org, in order to access resources protected by these keys.

computer vulnerability bulletin CVE-2015-1798 CVE-2015-1799

NTP.org: two vulnerabilities of Crypto

Synthesis of the vulnerability

An attacker can use two vulnerabilities related to cryptographic features of NTP.org.
Impacted products: Cisco ASR, Cisco ACE, ASA, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, Nexus by Cisco, NX-OS, Prime Infrastructure, Cisco PRSM, Cisco Router, Secure ACS, Debian, Black Diamond, ExtremeXOS, Ridgeline, Summit, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HPE Switch, HP-UX, AIX, MBS, Meinberg NTP Server, NTP.org, openSUSE, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 07/04/2015.
Identifiers: 2779, 2781, bulletinapr2015, c04679309, c05033748, cisco-sa-20150408-ntpd, CVE-2015-1798, CVE-2015-1799, DSA-3223-1, FEDORA-2015-5830, FEDORA-2015-5874, FreeBSD-SA-15:07.ntp, HPSBHF03557, HPSBUX03333, MDVSA-2015:202, ntp4_advisory, ntp_advisory3, openSUSE-SU-2015:0775-1, RHSA-2015:1459-01, RHSA-2015:2231-04, SOL16505, SOL16506, SSA:2015-111-08, SSRT102029, SUSE-SU-2015:1173-1, SUSE-SU-2016:1912-1, SUSE-SU-2016:2094-1, USN-2567-1, VIGILANCE-VUL-16548, VN-2015-006-NTP, VU#374268.

Description of the vulnerability

Several vulnerabilities were announced in NTP.org.

An attacker can use a message without MAC (Message Authentication Code), in order to bypass the authentication using a symmetric key. [severity:2/4; 2779, CVE-2015-1798]

An attacker can spoof a packet between two servers paired with a symmetric association, in order to trigger a denial of service. [severity:2/4; 2781, CVE-2015-1799]

computer vulnerability CVE-2015-2925

Linux kernel: privilege escalation via Bind Mount

Synthesis of the vulnerability

An attacker can use a Bind Mount on the Linux kernel, in order to escalate his privileges.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 03/04/2015.
Identifiers: CERTFR-2015-AVI-430, CERTFR-2015-AVI-498, CVE-2015-2925, DSA-3364-1, DSA-3372-1, FEDORA-2015-d7e074ba30, FEDORA-2015-dcc260f2f2, openSUSE-SU-2015:1842-1, openSUSE-SU-2016:0301-1, RHSA-2015:2152-02, RHSA-2015:2411-01, RHSA-2015:2587-01, RHSA-2015:2636-01, SOL31026324, SUSE-SU-2015:2194-1, SUSE-SU-2015:2292-1, USN-2792-1, USN-2794-1, USN-2795-1, USN-2796-1, USN-2797-1, USN-2798-1, USN-2799-1, VIGILANCE-VUL-16535.

Description of the vulnerability

The "--bind" mode of mount can be used to mount a directory tree at several locations on the file system.

The Linux kernel supports containers to jail applications.

However, a local attacker can use a double mount of type bind, in order to access resources located outside its container.

An attacker can therefore use a Bind Mount on the Linux kernel, in order to escalate his privileges.